iarp

header.php <?php //start output buffering ob_start(); //start a session session_name('MOHA'); session_start(); include ('session.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta name="Description" content="Unofficial Website for the MOHA" /> <meta name="Keywords" content="MOHA, Minor Oaks Hockey Association, Oakville, Hockey" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>MOHA - <?php echo$page_title;?></title> <!-- ADDS AUTOMATIC PAGE TITLE TO THE TOP BAR OF BROWSERS WITH "MOHA - " FIRST --> <!-- CSS PAGE --> <link rel="stylesheet" type="text/css" href="/css/style.css" /> <!-- JAVASCRIPT SHEETS DON'T EDIT THESE --> <script type="text/javascript" src="/css/dropdowntabs.js"></script> <script type="text/javascript" src="/css/chrome.js"></script> <script type="text/javascript" src="/css/external.js"></script> </head> <body> <a name="top"></a> <div id="edit"><h1> THIS WEBSITE IS A BETA VERSION AND BEING EDITED, THE ORIGINAL IS LOCATED AT <a href="http://www.moha.on.ca">http://www.moha.on.ca</a></h1><a href="http://validator.w3.org/check?uri=referer" class="external">EDITORS LINK</a></div> <div id="container"> <!-- MAIN HEADER --> <div id="header"> <h1>MINOR OAKS HOCKEY ASSOCIATION INC</h1> <h3>1026 SPEERS ROAD, UNIT 8-9, OAKVILLE, ON L6L 2X4 905-338-9220 FAX 905-338-9677 www.moha.on.ca</h3> </div> <!-- TOP NAVIGATION BAR --> <div id="navigation"> <a href="../" title="Home">Home</a> | <a href="../code_of_conduct.php" title="MOHA's Code of Condust">Code of Conduct</a> | <a href="../moha_bylaw.php" title="MOHA Bylaw">MOHA Bylaw's</a> | <a href="../contact.php" title="Contact the MOHA">Contact Us</a> | <a href="../helpful_links.php" title="Helpful Links">Helpful Link's</a> | <?php if((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))){ if ($userlevel >= "2") {echo '<a href="../admin/">Admin</a> | ';} echo '<a href="../logout.php">Logout</a>'; } else { echo '<a href="../login.php">Login</a> | '; echo '<a href="../register.php">Register</a>'; } ?> <!-- Welcome to: <font color="#591F20"><?php echo $YAH_title; ?></font><br /> --> </div> <?php include('menu.php'); ?> <!-- END TOP NAVIGATION BAR --> session.php <?php $firstname = ucwords($_SESSION['first_name']); $userlevel = $_SESSION['userlevel']; $userid = $_SESSION['user_id']; DEFINE('DB_USERS', 'MOHA_users'); DEFINE('DB_CONTENT', 'MOHA_content'); DEFINE('DB_URLS', 'MOHA_urls'); DEFINE('DB_CAT', 'MOHA_category'); DEFINE('PAGE_DISPLAY', '10'); ?> mysql_connect.php <?php #mysql_connect.php DEFINE ('DB_USER', 'username'); DEFINE ('DB_PASS', 'password'); DEFINE ('DB_HOST', 'host'); DEFINE ('DB_NAME', 'database name'); if ($dbc = mysql_connect(DB_HOST, DB_USER, DB_PASS)) { if (!mysql_select_db(DB_NAME)) { trigger_error("Could not select the database!\n<br />MySQL Error: " . mysql_error()); include ('footer.php'); exit(); } } else { trigger_error("Could not connect to MySQL!\n<br />MySQL Error: " . mysql_error()); include('footer.php'); exit(); } function escape_data($data) { if (ini_get('magic_quotes_gpc')){ $data = stripslashes($data); } if(function_exists('mysql_real_escape_string')) { global $dbc; $data = mysql_real_escape_string(trim($data), $dbc); } return $data; } ?> (Admin section) index.php <?php $page_title = 'Admin Panel'; $YAH_title = 'Admin Panel'; include ('../includes/header.php'); if ($userlevel >= "2"){ require_once('../includes/mysql_connect.php'); ?> <div id="content"> <h1>Welcome, <?php echo $firstname; ?>!</h1> <?php if ($userlevel >= "9") {echo '<p><a href="view_users.php">View Current Users</a></p>';} ?> <p><a href="add_url.php">Add a URL</a> to the <a href="../helpful_links.php">Helpful Links</a> webpage</p> <div id="admin_news"> <h1>Latest News</h1> <?php if ($userlevel >= "9") { // shows if theres a url waiting approval $query = "SELECT approved FROM " . DB_URLS . " WHERE approved = 'N'"; $result = @mysql_query($query); $link_app = mysql_num_rows ($result); if ($link_app > 0) echo "<p> <a href=\"edit_url.php\">You have $link_app link(s) waiting on approval</a></p>"; //shows if theres a user waiting approval. $query1 = "SELECT * FROM `" . DB_USERS . "` WHERE `active` IS NOT NULL;"; //i also tried COUNT(*) and i get the , from print $value.", "; string. $result1 = mysql_query($query1) or die(mysql_error()); $user_activate = mysql_num_rows($result1); $usernames = array(); if ($user_activate >= 0) { while ($user_check = mysql_fetch_assoc($result1)){ $usernames[] = $user_check['username']; //change to what the username field is on your db } echo "<p><a href=\"view_users.php\">Accounts awaiting activation: "; foreach ($usernames as $value){ print $value.", "; } echo "</a></p>"; } } ?> </div> <div align="center"> <h3>Change Your Password</h3> <form action="change_password.php" method="post" class="changepassword"> <b>New Password:</b> <input type="password" name="password1" size="20" maxlength="20" /> <b>Confirm Password:</b> <input type="password" name="password2" size="20" maxlength="20" /> <input type="submit" name="submit" value="Change My Password" /> <input type="hidden" name="submitted" value="TRUE" /> </form> </div> </div> <!-- END CONTENT --> <?php include ('../includes/footer.php'); } else { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST']; // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/login.php'; header("Location: $url"); exit(); // Quit the script. } ?>

on your login page, when you call on the database table for the users info $query = "SELECT user_id, first_name, userlevel FROM tablenamehere WHERE (username='$un' AND password=SHA('$p'))"; $_SESSION['user_id'] = $row[0]; $_SESSION['first_name'] = $row[1]; $_SESSION['userlevel'] = $row[2]; session_name('whateveryouwanthere'); // this allows you to specify the sessions name and as long as you have both of these lines all the $_SESSION['']; data is accessible. session_start();

No errors, this is all thats shown in the source code of the page. Theres gotta be something wrong with my coding. <div id="admin_news"> <h1>Latest News</h1> <p><a href="view_users.php">Accounts awaiting activation: </a></p> </div>

Yes it's DEFINE('DB_USERS', 'MOHA_users'); for the table name. Theres something wrong with my php coding because i just connected to a fresh new database... added my tables .. registered, and the EXACT SAME message.

I think he's got this backwards 0.o ... wouldn't slowing it down make it more vulnerable?

As a last resort, i only had 3 user entrys, 2 were myself and 1 was a friend. So i clear and remade the whole users database. I made my account, activated it.. gave myself the permissions i need via phpMyAdmin... and the same message ~.~ this is driving me up the wall!

I'm not one for bumping posts alot, but i tried this code on different pages as tests and still the exact same problem. Is there such a thing as ghosts in a database? because i really don't see any other way this is happening... i'm pretty sure i've covered all changes i've made recently and nothing seemed to revert it back to working state. Lucky enough i have a back-up copy from a couple days ago that i can use... just i lose alot of work ~.~

i changed if ($user_activate >= 0) { to if ($user_activate > 0) { Because having the code execute even if theres 0 there doesn't make sence. The code now doesn't run at all even though i have 1 person that is not set to NULL. So now i'm wondering if theres something else wrong. Just above this piece of coding i have: $query = "SELECT approved FROM " . DB_URLS . " WHERE approved = 'N'"; $result = @mysql_query($query); $link_app = mysql_num_rows ($result); if ($link_app > 0) echo "<p> <a href=\"edit_url.php\">You have $link_app link(s) waiting on approval</a></p>"; Link to the full pages code: http://moha.iarp.ca/index.txt Header: http://moha.iarp.ca/includes/header.txt session http://moha.iarp.ca/includes/session.txt Hopes something helps

tried that and all i got was nothing else, so then i went and deactivated someone which should've triggered this to work, and all i got was the exact same thing. The username isn't printing at all with it.

Nothing shows up lol.

I originally had: $query1 = "SELECT COUNT(*) FROM " . DB_USERS . " WHERE active != NULL"; $result1 = @mysql_query($query1); $user_activate = mysql_num_rows($result1); if ($user_activate > 0) echo "<p><a href=\"view_users.php\">There seems to be $user_activate person awaiting activation</a></p>"; But even thought i was on the database admin page and theres only 3 users, all 3 are set to NULL. Yet the output on the page says theres 1 person awaiting activation So i tried the code below to show just whatis equaling this 1 "person" and got... $query1 = "SELECT * FROM " . DB_USERS . " WHERE active != NULL"; $result1 = @mysql_query($query1); $user_activate = mysql_num_rows($result1); if ($user_activate >= 0) echo "<p><a href=\"view_users.php\">There seems to be' $result 'person awaiting activation</a></p>"; Returns: Is there such a thing as database ghosts ?

<?php echo $_SESSION['user_name']; ?>

My next semester is Java OOP so hopefully all that will make alot more sense, but my first guess saying it called functions was correct.

Makes sense, thank you. That first link to the manual just confused the crap outta me 0.o

I've been taking a look at the coding for Wordpress and PHPBB to see if i could get any ideas, or grasp any concepts from them on how to do things with the website i'm working on. On both pieces of coding i see alot of -> but don't get exactly how they work Is it like: function taxes(cost, taxRate) { $answer = etc...etc } $data -> taxes($baseCost, 1.13); ?

If i'm not mistaken that should allow php coding inside of that as well and work? For my example, i'm working on http://moha.iarp.ca and when someone logins it would still say Welcome, <firstname> to the Minor Oaks ... etc And if you wouldn't mind showing me that code to write to the file that would be awesome. Plus this file can have other pages information on it i take it?

So have the pages information in a completely separate page and just include(''); that everyone? From what i read, your putting 1 set of data into $data and then that exact same data is being shown on every page which wouldn't make sense.

Hey, Just wondering what you guys think would be easier. Having all the content in a database table and just called to the page as someone views it, or have the information on the page itself with no database involvement. Which would be easier for using a WYSIWYG editor. I'm trying to create a website for a volunteer company and they person who works on it is as smart as a brick when it comes to any type of coding. If it's got GUI and he can see what it'll look like right away then he's fine. So i'm wondering if it's easier to edit the content when it's in a database or on the page itself. And does anyone have any recommendations for any good editors? What i was after was having a script that would allow site admin to click an Edit link somewhere on the page and have that open the page editor.. edit the page, save and then reload to see his changes.... any suggestions?

I've very new to this php & mysql integration, i just finish going through like 4 books on it... kind of a drag but it helped more then i thought. As i have it admin is 9, guest is 1 and user is 2. And i didn't know if there was a possible way for someone to forge the number and get by without my passwords and such, thanks though. Safer to ask then hope it doesn't happen to you.

Hey, this is my story. In the header file i have this: $userlevel = $_SESSION[‘userlevel’] On my admin pages i've put: include ('../includes/header.php'); if ($userlevel == "9"){ ?> <div id="content"> <!—Show admin content here à </div> <!-- END CONTENT --> <?php include ('../includes/footer.php'); } else { <!—if the person requesting the page is not the correct userlevel, redirect them to the home page. --> $url = 'http://' . $_SERVER['HTTP_HOST']; if ((substr($url, -1) =='/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } $url .= '/index.php'; header("Location: $url"); exit(); } ?> Now what i’m worried that someone with better knowledge in this field will be able to get by this very easily. p.s. i'm using if ($userlevel == "9") { echo '<a href="../admin/view_users.php">View Users</a><br />'; } for my menu items.. should seem to be fine. Any helps appreciated -- Thanks Iarp